67 lines
1.5 KiB
Ruby
67 lines
1.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
RSpec.describe 'Rails YAML safe load patch' do
|
|
let(:unsafe_load) { false }
|
|
|
|
let(:klass) do
|
|
Class.new(ActiveRecord::Base) do
|
|
self.table_name = 'issues'
|
|
|
|
serialize :description
|
|
end
|
|
end
|
|
|
|
before do
|
|
allow(ActiveRecord::Base).to receive(:use_yaml_unsafe_load).and_return(unsafe_load)
|
|
end
|
|
|
|
context 'with safe load' do
|
|
let(:instance) { klass.new(description: data) }
|
|
|
|
context 'with default permitted classes' do
|
|
let(:data) do
|
|
{
|
|
"test" => Time.now,
|
|
ab: 1
|
|
}
|
|
end
|
|
|
|
it 'deserializes data' do
|
|
expect(Gitlab::ErrorTracking).not_to receive(:track_and_raise_for_dev_exception)
|
|
|
|
instance.save!
|
|
|
|
expect(klass.find(instance.id).description).to eq(data)
|
|
end
|
|
end
|
|
|
|
context 'with unpermitted classes' do
|
|
let(:data) { DateTime.now }
|
|
|
|
it 'logs an exception and loads the data' do
|
|
expect(Gitlab::ErrorTracking).to receive(:track_and_raise_for_dev_exception).twice
|
|
|
|
instance.save!
|
|
|
|
expect(klass.find(instance.id).description).to eq(data)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with unsafe load' do
|
|
let(:unsafe_load) { true }
|
|
let(:data) { DateTime.now }
|
|
let(:instance) { klass.new(description: data) }
|
|
|
|
it 'loads the data' do
|
|
expect(Gitlab::ErrorTracking).not_to receive(:track_and_raise_for_dev_exception)
|
|
|
|
instance.save!
|
|
|
|
expect(klass.find(instance.id).description).to eq(data)
|
|
end
|
|
end
|
|
end
|